I. Introduction to Failure Mode and Effect Analysis (OVERHEAD 1)

A. The Failure Mode and Effect Analysis (FMEA) is a “logical, structured analysis of a system, subsystem, device, or process” (Schubert, 1992). It is one of the most commonly used reliability and system safety analysis techniques.

1. The FMEA is used to identify possible failure modes, their causes, and the effects of these failures.

2. Proper identification of failures may lead to solutions that increase the overall reliability and safety of a product.

B. Timing (OVERHEAD 2)

1. Initially, the FMEA should be performed while in the design stage, but it also may be used throughout the life cycle of a product to identify possible failures as the system ages.

2. Failure mode and effect analyses may vary in the level of detail reported, depending upon the detail needed and the availability of information. As a development matures, assessment of criticality is added in what becomes a Failure Mode, Effects, and Criticality Analysis, or FMECA.

C. Benefits of FMEA (OVERHEAD 3)

1. The final product must be “safe”, as defined by the application. FMEA helps designers to identify and eliminate or control dangerous failure modes, minimizing damage to the system and its users.

2. An increasingly accurate estimate of probability of failure will be developed, especially if reliable probability data is generated with an FMECA.

3. Reliability of the product will improve.

4. The design time will be reduced due to timely identification and correction of problems.

D. Other possible uses of FMEA (OVERHEAD 4)

1. FMEA can be used in the preparation of diagnostic procedures.

2. FMEA can be used to set appropriate maintenance procedures and intervals.

3. In legal proceedings, FMEA may be used as documentation of the safety considerations that were involved in the design.

4. As listed in MIL-STD-1629A, additional applications for FMEA include “maintainability, safety analysis, survivability and vulnerability, logistics support analysis, maintenance plan analysis, and for failure detection and isolation subsystem design.” Failure mode and effect analyses can be used for many applications in which reliability and safety are a concern.

II. Types of FMEA (OVERHEAD 5)

A. Two main types of failure mode and effect analyses are used.

1. Functional

a. This type of FMEA assumes a failure, and then identifies how that failure could occur.

b. The functional approach is typically used when individual items cannot be identified or a complex system exists.

c. The functional approach generally involves a top-down analysis in which a specific failure mode for the entire system is traced back to the initiating subsystem failure mode(s).

2. Hardware

a. The hardware approach investigates smaller portions of the system, such as subassemblies and individual components.

b. The hardware approach generally involves a bottom-up analysis in which the effects of possible failure modes of a subsystem, assembly, component, part, etc. on the entire system are identified.

B. This lecture will cover the hardware approach to FMEA since it is more commonly used than the functional approach.

III. FMECA (Failure Mode, Effects, and Criticality Analysis) (OVERHEAD 6)

A. An FMECA is essentially an FMEA, with an added criticality analysis. Another section should be added to the tabular format for criticality.

B. A failure mode, effects, and criticality analysis (FMECA) is performed to evaluate reliability and safety by identifying critical failure modes and their effects on the system.

C. The FMECA is performed on parts that are especially critical to the operation and well being of operators. A thorough knowledge of the system is required to complete an FMECA.

D. FMECAs can also be used to analyze processes, with the focus on process functions and operations and how failure may occur.

E. Failure data is necessary to complete the criticality portion of an FMECA.

F. (OVERHEAD 7) Failure modes may be ranked by the assigned criticality to determine which failure mode should be reduced in criticality by redesign or other abatement methods. System users should specify acceptable criticality levels.

G. Three ways to complete FMECA:

1. Use criticality indices.

2. The severity and probability indices are added together to yield the criticality index. It represents a measure of the overall risk associated with each combination of severity and probability. This method is commonly used in preliminary design when the failure probabilities are not known.

3. Another method, which will only be mentioned here, involves determining the criticality using failure probability.

H. (OVERHEAD 8) A failure mode, effects, and criticality analysis can be a starting point for many other types of analyses, including:

1. System Safety Analysis

2. Production Planning

3. Test Planning and Validation

4. Repair Level Analysis

5. Logistics Support Analysis

6. Maintenance Planning Analysis.

These additional analyses may also be used to update and improve the FMECA as new information evolves.

IV. Performing an FMEA (OVERHEAD 9)

A. The scope of an FMEA should be determined while information is being collected to perform the analysis.

B. The following information may be helpful when preparing an FMEA:

1. Design drawings

2. System schematics

3. Functional diagrams

4. Previous analytical data (if available)

5. System descriptions

6. Data gained from past experience

7. Manufacturer’s component data/specifications

8. Preliminary hazard list (if available)

9. Preliminary hazard analysis

10. Other system analyses previously performed

(Vincoli, 1997.)

C. Many documents exist that provide guidance on how to perform an FMEA.

1. MIL-STD-1629A was the standard for the U.S. military until 1998.

2. On August 4, 1998, the military standard, MIL-STD-1629A dated 24 November 1980, was rescinded, with instructions for users to “consult various national and international documents for information regarding failure mode, effects, and criticality analysis.”

3. Because no better reference exists than the rescinded MIL-STD-1629A, it is used as a primary reference for this module.

V. Steps in FMEA (OVERHEAD 10)

A. The following is a procedure for performing an FMEA.

1. Define the scope of the analysis.

a. Resolution

i. Decide on an appropriate system level at which to perform the FMEA (subsystem, assembly, subassembly, component, part, etc.)

ii. Generally, the resolution of the FMEA should be increased as the design progresses.

b. Focus

i. The FMEA may be intended to determine the effects of failure modes on individual areas such as safety, mission success, or repair cost.

ii. For example, a safety-focused FMEA might indicate that a particular failure mode is not very critical, even though the failure may result in significant repair costs or downtime.

2. (OVERHEAD 11) Prepare a block diagram of the system - A block diagram graphically shows the relationship between the system’s components.

3. Identify possible failure modes for each component.

a. What is the failure mode?

i. Failure modes are ways the system or component might fail. They might include yielding, ductile rupture, brittle fracture, fatigue, corrosion, wear, impact failure, fretting, thermal shock, radiation, buckling, and corrosion fatigue.

ii. An example of a failure mode would be corrosion, which might cause a metal pipe underneath a kitchen sink to develop a leak.

b. How does the failure occur?

i. Example: Corrosion is a time-based failure mode that would attack the metal pipe over time. Water and other particulate material are a requirement for corrosion to occur.

4. (OVERHEAD 12) Identify possible causes for each failure mode.

a. What is the root cause?

i. Example: An uncoated metal pipe that has water running through it regularly.

5. Analyze the effects of the failure modes.

a. What are the effects of the failure?

i. Local effects.

(i) Example: A hole would develop in the pipe causing a water leak. Water damage to the surrounding environment may occur.

ii. System effects.

(i) Example: The system is defined as a house. Further water damage could result and possibly major flooding if corrective action is not taken in a reasonable amount of time.

6. (OVERHEAD 13) Classify the severity of the effects of each failure mode using the following four categories:

a. 4. Catastrophic (Death or system loss)

b. 3. Critical (Severe injury, occupational illness, or system damage)

c. 2. Marginal (Minor injury, occupational illness, or system damage)

d. 1. Negligible (Less than minor injury, occupational illness, or system damage)

(Bloswick, NIOSH P.O. #939341 and MIL-STD-882B)

7. (OVERHEAD 14) Estimate the probability of each failure mode. Failure mode probabilities may be classified as follows:

a. 4. Probable (Likely to occur immediately or within a short period of time)

b. 3. Reasonably Probable (Probably will occur in time)

c. 2. Remote (Possible to occur in time)

d. 1. Extremely Remote (Unlikely to occur)

Note: (OVERHEAD 15) Severity and probability rankings will help the designer(s) to identify the criticality of the potential failure and the areas of the design that need the most attention. When a criticality index is included, the analysis is called a Failure Modes, Effects, and Criticality Analysis, or FMECA.

(Bloswick, NIOSH P.O. #939341)

8. For each failure mode, either propose modifications to prevent or control the failure mode or justify the acceptance of the failure mode and its potential effects.

9. The criticality index is often defined as the sum or product of the severity and probability indices. The higher the criticality index, the higher the priority for change. The actual categorization of criticality indices into specific change priorities is generally a management decision.

VI. Example (pressure cooker) (OVERHEAD 16)

A. FMECA are generally presented in a tabular form.

B. Discuss the example FMECA.

–Overhead 17: Defined scope

–Overhead 18: Block diagram

–Overhead 19-20: Completed FMECA

VII. FMECA Output (OVERHEAD 21)

A. Information gained from FMECA includes:

1. Listing of potential failure modes and failure causes. These could help guide the system testing and inspection techniques.

2. Further designation (criticality) of potential failures that could affect overall system performance.

3. Detection and control measures for each failure mode.

4. Management information.

5. Input for further analysis.

VIII. Limitations of FMECA (OVERHEAD 22)

A. Critical failure modes, causes, or effects that are not recognized by the designer(s) will not be addressed by the FMECA.

B. FMECA does not account for multiple-failure interactions, meaning that each failure is considered individually and the effect of several failures is not accounted for.

C. FMECA does not analyze dangers or problems that may occur when the system is operating properly.

D. Human factors are not considered.

IX. Lecture Summary (OVERHEAD 23)

A. The overall safety of a design can be improved by using FMECA during the design process.

B. The quality of the final product will be improved.

C. The design process will be faster and progress more smoothly.

OVERHEADS

Failure Mode and Effect Analysis

The Failure Mode and Effect Analysis (FMEA) is a “logical, structured analysis of a system, subsystem, device, or process.”

It is one of the most commonly used reliability and system safety analysis techniques.

· The FMEA is used to identify possible failure modes, their causes, and the effects of these failures.

· Proper identification of failures may lead to solutions that increase the overall reliability and safety of a product.

Timing

Initially, the FMEA should be performed while in the design stage, but it also may be used throughout the life cycle of a product to identify possible failures as the system ages.

Failure mode and effect analyses may vary in the level of detail reported, depending upon the detail needed and the availability of information. As a development matures, assessment of criticality is added in what becomes a Failure Mode, Effects, and Criticality Analysis, or FMECA.

3 Benefits of FMEA

· The final product must be “safe”, as defined by the application. FMEA helps designers to identify and eliminate or control dangerous failure modes, minimizing damage to the system and its users.

· An increasingly accurate estimate of probability of failure will be developed, especially if reliable probability data is generated with an FMECA.

· Reliability of the product will improve.

· The design time will be reduced due to timely identification and correction of problems.

4 Other Possible Uses of FMEA

· FMEA can be used in the preparation of diagnostic procedures.

· FMEA can be used to set appropriate maintenance procedures and intervals.

· In legal proceedings, FMEA may be used as documentation of the safety considerations that were involved in the design.

· As listed in MIL-STD-1629A, additional applications for FMEA include “maintainability, safety analysis, survivability and vulnerability, logistics support analysis, maintenance plan analysis, and for failure detection and isolation subsystem design.”

Types of FMEA

Two main types of failure mode and effect analyses are used.

· Functional

o This type of FMEA assumes a failure, and then identifies how that failure could occur.

o The functional approach is typically used when individual items cannot be identified or a complex system exists.

o The functional approach generally involves a top-down analysis in which a specific failure mode for the entire system is traced back to the initiating subsystem failure mode(s).

· Hardware

o The hardware approach investigates smaller portions of the system, such as subassemblies and individual components.

o The hardware approach generally involves a bottom-up analysis in which the effects of possible failure modes of a subsystem, assembly, component, part, etc. on the entire system are identified.

6 Failure Mode, Effects, and Criticality Analysis

An FMECA is essentially an FMEA, with an added criticality analysis. An additional section should be added to the tabular format for criticality.

· A FMECA is performed to evaluate reliability and safety by identifying critical failure modes and their effects on the system.

· The FMECA is performed on parts that are especially critical to the operation and well being of operators. A thorough knowledge of the system is required to complete an FMECA.

· Failure data is necessary to complete the criticality portion of an FMECA.

7

FMECA

· Failure modes may be ranked by the assigned criticality to determine which failure mode should be reduced in criticality by redesign or other abatement methods. System users should specify acceptable criticality levels.

· Three ways to complete FMECA:

o Use criticality indices.

o The severity and probability indices are added together to yield the criticality index. It represents a measure of the overall risk associated with each combination of severity and probability. This method is commonly used in preliminary design when the failure probabilities are not known.

o Another method, which will only be mentioned here, involves determining the criticality using failure probability.

8 A failure mode, effects, and criticality analysis can be a starting point for many other types of analyses,

including:

These additional analyses may also be used to update and improve the FMECA as new information evolves.

Performing an FMEA

The scope of an FMEA should be determined while information is being collected to perform the analysis.

The following information may be helpful when

preparing an FMEA:

§ Design drawings

§ System schematics

§ Functional diagrams

§ Previous analytical data (if available)

§ System descriptions

§ Data gained from past experience

§ Manufacturer’s component data/specifications

§ Preliminary hazard list (if available)

§ Preliminary hazard analysis

§ Other system analyses previously performed

10 Steps in FMEA

The following is a procedure for performing an FMEA.

· Define the scope of the analysis.

o Resolution

§ Decide on an appropriate system level at which to perform the FMEA (subsystem, assembly, subassembly, component, part, etc.)

§ Generally, the resolution of the FMEA should be increased as the design progresses.

o Focus

§ The FMEA may be intended to determine the effects of failure modes on individual areas such as safety, mission success, or repair cost.

§ For example, a safety-focused FMEA might indicate that a particular failure mode is not very critical, even though the failure may result in significant repair costs or downtime.

11 · Prepare a block diagram of the system - A block diagram graphically shows the relationship between the system’s components.

· Identify possible failure modes for each component.

o What is the failure mode?

§ Failure modes are ways the system or component might fail. They might include yielding, ductile rupture, brittle fracture, fatigue, corrosion, wear, impact failure, fretting, thermal shock, radiation, buckling, and corrosion fatigue.

§ An example of a failure mode would be corrosion, which might cause a metal pipe underneath a kitchen sink to develop a leak.

o How does the failure occur?

§ Example: Corrosion is a time-based failure mode that would attack the metal pipe over time. Water and other particulate material are a requirement for corrosion to occur.

12 Identify possible causes for each failure mode.

§ What is the root cause?

· Example: An uncoated metal pipe that has water running through it regularly.

Analyze the effects of the failure modes.

§ What are the effects of the failure?

· Local effects.

o Example: A hole would develop in the pipe causing a water leak. Water damage to the surrounding environment may occur.

· System effects.

o Example: The system is defined as a house. Further water damage could result and possibly major flooding if corrective action is not taken in a reasonable amount of time.

13 Classify the severity of the effects of each failure mode using the following four categories:

4. Catastrophic (Death or system loss)

3. Critical (Severe injury, occupational illness, or system damage)

2. Marginal (Minor injury, occupational illness, or system damage)

1. Negligible (Less than minor injury, occupational illness, or system damage)

14 Estimate the probability of each failure mode. Failure mode probabilities may be classified as follows:

4. Probable (Likely to occur immediately or within a short period of time)

3. Reasonably Probable (Probably will occur in time)

2. Remote (Possible to occur in time)

1. Extremely Remote (Unlikely to occur)

Note: Severity and probability rankings will help the designer(s) to identify the criticality of the potential failure and the areas of the design that need the most attention. When a criticality index is included, the analysis is called a Failure Modes, Effects, and Criticality Analysis, or FMECA.

For each failure mode, either propose modifications to prevent or control the failure mode or justify the acceptance of the failure mode and its effects.

The criticality index is often defined as the sum or product of the severity and probability indices. The higher the criticality index, the higher the priority for change. The actual categorization of criticality indices into specific change priorities is generally a management decision.

Pressure Cooker Safety Features

1. Safety valve relieves pressure before it reaches dangerous levels.

2. Thermostat opens circuit through heating coil when the temperature rises above 250° C.

3. Pressure gage is divided into green and red sections. "Danger" is indicated when the pointer is in the red section.

Failure Modes, Effects and Criticality Analysis for a Pressure Cooker (hardware approach with a focus on safety)

Item	Failure Mode	Failure Causes	Failure Effects	Severity	Probability	Criticality	Control Measures/Remarks
Electrical System	No current	· Defective cord · Defective plug · Defective heating coil	Cooking interruption (mission failure)	1	2	2	· Use high-quality components. · Periodically inspect cord and plug.
Electrical System	Current flows to ground by an alternate route	Faulty insulation	· Shock · Cooking interruption	2	1	2	· Use a grounded (3-prong) plug. · Only plug into outlets controlled by ground-fault circuit interrupters.
Safety Valve	Open	Broken valve spring	· Steam could burn operator · Increased cooking time	2	2	4	Design spring to handle the fatigue and corrosion that it will be subjected to.
Safety Valve	Closed	· Corrosion · Faulty manufacture	Potential overpressurization	1	2	2	· Use corrosion-resistant materials. · Test the safety valve.
Thermostat	Open	Defective thermostat	Cooking interruption	1	2	2	Use a high-quality thermostat.
Thermostat	Closed	Defective thermostat	Overpressurization eventually opens valve	1	2	2	Use a high-quality thermostat.
Pressure Gage	Falsely indicates safe conditions	· Corrosion · Faulty manufacture	Operator is not alerted of unsafe pressure build-up (explosion)	4	2	8	· Use corrosion-resistant materials. · Test the safety valve.
Pressure Gage	Falsely indicates unsafe conditions	· Corrosion · Faulty manufacture	Operator might assume system will not operate correctly	1	2	2
Safety Valve and Thermostat	Both open	Broken valve spring and defective thermostat	Increased cooking time or cooking interruption	1	2	2	· Design spring to handle the fatigue and corrosion that it will be subjected to. · Use corrosion-resistant materials. · Test the safety valve. · Use a high-quality thermostat
Safety Valve and Thermostat	Both closed	Corroded or otherwise faulty valve and defective thermostat	· Loss of system · Severe injuries or fatalities	4	2	8

21 Information gained from FMECA

Information gained from FMECA includes:

1. Listing of potential failure modes and failure causes. These could help guide the system testing and inspection techniques.

2. Further designation (criticality) of potential failures that could affect overall system performance.

3. Detection and control measures for each failure mode.

4. Management information.

5. Input for further analysis.

Limitations of FMECA

1. Failure modes must be foreseen by the designer(s).

2. FMECA does not account for multiple-failure interactions.

3. FMECA does not analyze dangers or problems that may occur when the system is operating properly.

4. Human factors are not considered.

Lecture Summary

· The overall safety of a design can be improved by using FMEA/FMECA during the design process.

· The quality of the final product will be improved.

· The design process will be faster and progress more smoothly.

Failure Mode and Effect Analysis (FMEA) Lecture Handout

I. Introduction to Failure Mode and Effect Analysis

1. The FMEA is used to identify possible failure modes, their causes, and the effects of these failures.

2. Proper identification of failures may lead to solutions that increase the overall reliability and safety of a product.

B. Timing

1. Initially, the FMEA should be performed while in the design stage, but it also may be used throughout the life cycle of a product to identify possible failures as the system ages.

2. Failure mode and effect analyses may vary in the level of detail reported, depending upon the detail needed and the availability of information. As a development matures, assessment of criticality is added in what becomes a Failure Mode, Effects, and Criticality Analysis, or FMECA.

C. Benefits of FMEA

2. An increasingly accurate estimate of probability of failure will be developed, especially if reliable probability data is generated with an FMECA.

3. Reliability of the product will improve.

4. The design time will be reduced due to timely identification and correction of problems.

D. Other possible uses of FMEA

1. FMEA can be used in the preparation of diagnostic procedures.

2. FMEA can be used to set appropriate maintenance procedures and intervals.

3. In legal proceedings, FMEA may be used as documentation of the safety considerations that were involved in the design.

II. Types of FMEA

A. Two main types of failure mode and effect analyses are used.

1. Functional

a. This type of FMEA assumes a failure, and then identifies how that failure could occur.

b. The functional approach is typically used when individual items cannot be identified or a complex system exists.

c. The functional approach generally involves a top-down analysis in which a specific failure mode for the entire system is traced back to the initiating subsystem failure mode(s).

2. Hardware

a. The hardware approach investigates smaller portions of the system, such as subassemblies and individual components.

b. The hardware approach generally involves a bottom-up analysis in which the effects of possible failure modes of a subsystem, assembly, component, part, etc. on the entire system are identified.

B. This lecture will cover the hardware approach to FMEA since it is more commonly used than the functional approach.

III. FMECA (Failure Mode, Effects, and Criticality Analysis)

A. An FMECA is essentially an FMEA, with an added criticality analysis. Another section should be added to the tabular format for criticality.

B. A failure mode, effects, and criticality analysis (FMECA) is performed to evaluate reliability and safety by identifying critical failure modes and their effects on the system.

C. The FMECA is performed on parts that are especially critical to the operation and well being of operators. A thorough knowledge of the system is required to complete an FMECA.

D. FMECAs can also be used to analyze processes, with the focus on process functions and operations and how failure may occur.

E. Failure data is necessary to complete the criticality portion of an FMECA.

F. Failure modes may be ranked by the assigned criticality to determine which failure mode should be reduced in criticality by redesign or other abatement methods. System users should specify acceptable criticality levels.

G. Three ways to complete FMECA:

1. Use criticality indices.

2. The severity and probability indices are added together to yield the criticality index. It represents a measure of the overall risk associated with each combination of severity and probability. This method is commonly used in preliminary design when the failure probabilities are not known.

3. Another method, which will only be mentioned here, involves determining the criticality using failure probability.

H. A failure mode, effects, and criticality analysis can be a starting point for many other types of analyses, including:

1. System Safety Analysis

2. Production Planning

3. Test Planning and Validation

4. Repair Level Analysis

5. Logistics Support Analysis

6. Maintenance Planning Analysis.

These additional analyses may also be used to update and improve the FMECA as new information evolves.

IV. Performing an FMEA

A. The scope of an FMEA should be determined while information is being collected to perform the analysis.

B. The following information may be helpful when preparing an FMEA:

1. Design drawings

2. System schematics

3. Functional diagrams

4. Previous analytical data (if available)

5. System descriptions

6. Data gained from past experience

7. Manufacturer’s component data/specifications

8. Preliminary hazard list (if available)

9. Preliminary hazard analysis

10. Other system analyses previously performed

(Vincoli, 1997.)

C. Many documents exist that provide guidance on how to perform an FMEA.

1. MIL-STD-1629A was the standard for the U.S. military until 1998.

2. On August 4, 1998, the military standard, MIL-STD-1629A dated 24 November 1980, was rescinded, with instructions for users to “consult various national and international documents for information regarding failure mode, effects, and criticality analysis.”

3. Because no better reference exists than the rescinded MIL-STD-1629A, it is used as a primary reference for this module.

V. Steps in FMEA

A. The following is a procedure for performing an FMEA.

1. Define the scope of the analysis.

a. Resolution

i. Decide on an appropriate system level at which to perform the FMEA (subsystem, assembly, subassembly, component, part, etc.)

ii. Generally, the resolution of the FMEA should be increased as the design progresses.

b. Focus

i. The FMEA may be intended to determine the effects of failure modes on individual areas such as safety, mission success, or repair cost.

ii. For example, a safety-focused FMEA might indicate that a particular failure mode is not very critical, even though the failure may result in significant repair costs or downtime.

2. Prepare a block diagram of the system - A block diagram graphically shows the relationship between the system’s components.

3. Identify possible failure modes for each component.

a. What is the failure mode?

i. Failure modes are ways the system or component might fail. They might include yielding, ductile rupture, brittle fracture, fatigue, corrosion, wear, impact failure, fretting, thermal shock, radiation, buckling, and corrosion fatigue.

ii. An example of a failure mode would be corrosion, which might cause a metal pipe underneath a kitchen sink to develop a leak.

b. How does the failure occur?

i. Example: Corrosion is a time-based failure mode that would attack the metal pipe over time. Water and other particulate material are a requirement for corrosion to occur.

4. Identify possible causes for each failure mode.

a. What is the root cause?

i. Example: An uncoated metal pipe that has water running through it regularly.

5. Analyze the effects of the failure modes.

a. What are the effects of the failure?

i. Local effects.

(i) Example: A hole would develop in the pipe causing a water leak. Water damage to the surrounding environment may occur.

ii. System effects.

(i) Example: The system is defined as a house. Further water damage could result and possibly major flooding if corrective action is not taken in a reasonable amount of time.

6. Classify the severity of the effects of each failure mode using the following four categories:

a. 4. Catastrophic (Death or system loss)

b. 3. Critical (Severe injury, occupational illness, or system damage)

c. 2. Marginal (Minor injury, occupational illness, or system damage)

d. 1. Negligible (Less than minor injury, occupational illness, or system damage)

(Bloswick, NIOSH P.O. #939341 and MIL-STD-882B)

7. Estimate the probability of each failure mode. Failure mode probabilities may be classified as follows:

a. 4. Probable (Likely to occur immediately or within a short period of time)

b. 3. Reasonably Probable (Probably will occur in time)

c. 2. Remote (Possible to occur in time)

d. 1. Extremely Remote (Unlikely to occur)

(Bloswick, NIOSH P.O. #939341)

8. For each failure mode, either propose modifications to prevent or control the failure mode or justify the acceptance of the failure mode and its potential effects.

VI. Example (pressure cooker)

A. FMECA are generally presented in a tabular form.

B. Discuss the example FMECA.

–Defined scope

–Block diagram

–Completed FMECA

VII. FMECA Output

A. Information gained from FMECA includes:

1. Listing of potential failure modes and failure causes. These could help guide the system testing and inspection techniques.

2. Further designation (criticality) of potential failures that could affect overall system performance.

3. Detection and control measures for each failure mode.

4. Management information.

5. Input for further analysis.

VIII. Limitations of FMECA

A. Critical failure modes, causes, or effects that are not recognized by the designer(s) will not be addressed by the FMECA.

B. FMECA does not account for multiple-failure interactions, meaning that each failure is considered individually and the effect of several failures is not accounted for.

C. FMECA does not analyze dangers or problems that may occur when the system is operating properly.

D. Human factors are not considered.

IX. Lecture Summary

A. The overall safety of a design can be improved by using FMECA during the design process.

B. The quality of the final product will be improved.

C. The design process will be faster and progress more smoothly.

Failure Modes, Effects and Criticality Analysis for a Pressure Cooker (hardware approach with a focus on safety)

Item	Failure Mode	Failure Causes	Failure Effects	Severity	Probability	Criticality	Control Measures/Remarks
Electrical System	No current	· Defective cord · Defective plug · Defective heating coil	Cooking interruption (mission failure)	1	2	2	· Use high-quality components. · Periodically inspect cord and plug.
Electrical System	Current flows to ground by an alternate route	Faulty insulation	· Shock · Cooking interruption	2	1	2	· Use a grounded (3-prong) plug. · Only plug into outlets controlled by ground-fault circuit interrupters.
Safety Valve	Open	Broken valve spring	· Steam could burn operator · Increased cooking time	2	2	4	Design spring to handle the fatigue and corrosion that it will be subjected to.
Safety Valve	Closed	· Corrosion · Faulty manufacture	Potential overpressurization	1	2	2	· Use corrosion-resistant materials. · Test the safety valve.
Thermostat	Open	Defective thermostat	Cooking interruption	1	2	2	Use a high-quality thermostat.
Thermostat	Closed	Defective thermostat	Overpressurization eventually opens valve	1	2	2	Use a high-quality thermostat.
Pressure Gage	Falsely indicates safe conditions	· Corrosion · Faulty manufacture	Operator is not alerted of unsafe pressure build-up (explosion)	4	2	8	· Use corrosion-resistant materials. · Test the safety valve.
Pressure Gage	Falsely indicates unsafe conditions	· Corrosion · Faulty manufacture	Operator might assume system will not operate correctly	1	2	2
Safety Valve and Thermostat	Both open	Broken valve spring and defective thermostat	Increased cooking time or cooking interruption	1	2	2	· Design spring to handle the fatigue and corrosion that it will be subjected to. · Use corrosion-resistant materials. · Test the safety valve. · Use a high-quality thermostat
Safety Valve and Thermostat	Both closed	Corroded or otherwise faulty valve and defective thermostat	· Loss of system · Severe injuries or fatalities	4	2	8

Failure Mode, Effects, and Criticality Analysis

Hardware Item	Failure Modes	Causes of Failure	Failure Effects	Severity	Probability of Occurrence	Criticality	Failure Detection Methods	Immediate Intervention	Long Term Intervention	Comments